
Gmail phishing scheme poses a cybersecurity threat to millions of users

1/24/2017

Rebecca Nash, ECE ILLINOIS

ECE ILLINOIS Associate Professor Nikita Borisov discusses a rising cybersecurity danger that threatens the security of Gmail users in an article posted by the Chicago Tribune on January 19. 

Nikita Borisov
Even experienced security experts have fallen victim to the phishing scheme, which begins with the attacker sending the potential victim an email that appears to come from someone they may know. Enclosed in the email is an attachment, and when a victim clicks on it, a new login page opens that looks strikingly similar to the Gmail login. This method is used to gather users' login information and puts the security of their accounts in jeopardy.

“It’s a little bit difficult to see, because it’s designed to fool users into thinking that everything is OK,” says Borisov. “The way a lot of scams get perpetrated is by fooling you into thinking that you’re typing your password into a legitimate site such as Gmail, but of course, you’re actually redirected to a website that is run by the attacker.”

These schemes are difficult to spot because the attacker site URL may look nearly identical to the secure Gmail login. Users must verify that the address of any site they enter their information into begins with "https://", as opposed to the insecure "data:text/html" prefix shown in the browser's location bar.

“If you were to glance up at your location bar in your browser… you would see the things you were looking for, or at least some of the things. If you were (looking) a little more carefully, you’d notice there wasn’t a secure indicator, a green lock indicator,” Borisov notes about the false login.
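The location-bar check described above, written out as an added JavaScript example (not code from the article or from the Chicago Tribune piece). The names `TRUSTED_LOGIN_HOSTS` and `classifyLocation` are hypothetical, the allow-list is an assumption, and the sample strings are constructed.

```javascript
// Added example. TRUSTED_LOGIN_HOSTS and classifyLocation are hypothetical names;
// the allow-list content is an assumption for this example.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function classifyLocation(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol === "data:") {
    // A data: URI carries the page itself; text after the comma is content,
    // so a host name appearing there says nothing about who receives the password.
    const lookalike = [...TRUSTED_LOGIN_HOSTS].some((h) => raw.includes(h));
    return {
      ok: false,
      reason: lookalike
        ? "data: URI that only displays a trusted host name as text"
        : "data: URI, no site identity at all",
    };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is " + url.protocol + " not https:" };
  }
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { ok: false, reason: "host " + url.hostname + " is not a trusted login host" };
  }
  return { ok: true, reason: "https and exact trusted host" };
}

// Constructed sample location-bar strings (not captured from a real campaign).
const SAMPLES = [
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://login.example.com/ServiceLogin",
  "https://accounts.google.com/ServiceLogin?service=mail",
];

for (const s of SAMPLES) {
  const r = classifyLocation(s);
  console.log((r.ok ? "OK     " : "REJECT ") + r.reason + "  <-  " + s);
}
```

Only the last sample passes: the first shows the familiar host name but is a `data:` page, which is why glancing at the bar for "accounts.google.com" is not enough.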

To check if your account is safe, Gmail users can look into their "account activity" and browse their "recent security activity" to check for suspicious movement.

To learn more ways to protect yourself against the Gmail phishing scheme, read the original article by the Chicago Tribune.